Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Antwort: [FW1] OT - newbie question about PING

To: "Chontzopoulos, Dimitris" <[email protected]>, <[email protected]>
Subject: RE: Antwort: [FW1] OT - newbie question about PING
From: [email protected]
Date: Mon, 9 Jul 2001 10:14:19 +0200
Cc: [email protected]
Sender: [email protected]


Dimitris,

I agree with your assessment, that icmp can be used for all sorts of nasty
things.

The solution I usually implement is this: Allow only certain users/hosts to
use outbound ping and allow only the necessary icmp reply packets back in.
There's a FAQ at www.phoneboy.com on how to set this up exactly.

I think, since version 4.0 FW-1 is even able to do stateful inspection for
imcp?!


Cheers
Ralf G.



z+z+z+z+z++z++z+z+z+++z+z++z++z+++z+++z+++z++z+z+z+z++z
Ralf Guenthner, Senior IT Security Consultant
Zentric GmbH & Co. KG  - IT Security & Groupware Solutions
Office Phone:     +49-6101-556060
Fax:       +49-6101-556065
mailto:[email protected]
http://www.zentric.com
+z+z+z+z+z++z++z+z+z+++z+z++z++z+++z+++z+++z++z+z+z+z++z



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Rejecting Traffic
Next by Date: Re: [FW1] Checkpoint Pre-packaged appliance options other than Nokia-BSD orSun-Solaris platforms
Previous by thread: RE: [FW1] telnet lose connection after idled
Next by thread: RE: Antwort: [FW1] OT - newbie question about PING
Index(es):
- Date
- Thread